Coming soon: SSL

LincLinc BardDetroit

Icrontic has finally joined civilized society and splurged on a wildcard SSL. It's currently in the process of getting setup. So no, it's not unexpected if you suddenly see a little green lock in the URL bar later this week.

Upgrade!

SonorousBobbyDigimertesnAnnesStraight_ManCycloniteMt_GoatGargStrikesMassalinie

Comments

  • TushonTushon I'm scared, Coach Alexandria, VA

    Woo changes! Is there a reason you didn't opt for using something like Let's Encrypt before splurging?

  • HeroHero formerly known as XGPHero

    biogel, yay!...what?...not real?...well then what the hell else did he mean? sounds like fancy stuff.

  • A wildcard cert for Icrontic? What, do you have money to burn? o_O

    _k
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff

    I'm not sure what UC Berkeley's Space Sciences Lab has to do with Icrontic, but hey, you're the boss.

  • BuddyJBuddyJ Dept. of Propaganda OKC

    Super Sassy Linc.

    Ryder
  • LincLinc Bard Detroit

    @Tushon said:
    Woo changes! Is there a reason you didn't opt for using something like Let's Encrypt before splurging?

    I was a little concerned about the CA chain and it being accepted for things I may want to do. I chose RapidSSL because it maximized acceptance rates without costing a fortune. At least, I think it did. This isn't really my area. Which is also the other reason: I ain't got time for that. I'd rather throw a little money at the problem than burn a weekend tinkering in sysadmin land at this stage of my life.

    @ardichoke said:
    A wildcard cert for Icrontic? What, do you have money to burn? o_O

    It wasn't that bad; about $300 for 2 years.

    The day I buy a non-wildcard cert for Icrontic is the day I suddenly realize I need a protected subdomain, I can just feel it. My tinkering knows no boundaries when I get off on a tangent, and I don't wanna touch this again for 2 years.

  • TushonTushon I'm scared, Coach Alexandria, VA

    Makes sense to me. @ardichoke may be thinking of the big vendor prices, e.g. Verisign aka $$$$ for wildcard or EV SAN certs.

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI

    VERI$IGN MIRITE?

  • LincLinc Bard Detroit

    @Tushon said:
    Makes sense to me. @ardichoke may be thinking of the big vendor prices, e.g. Verisign aka $$$$ for wildcard or EV SAN certs.

    Yeah, to hell with EV and big brands for an indy site. I just need a CA chain that stands up to whatever I feel like integrating.

  • I'm thinking more of the fact that you can get standard SSL certs for $0 at this point, which is plenty to run any website that isn't dealing with confidential data.

    See: StartSSL or Let's Encrypt.

    I've had valid SSL certs on most of my domains and services even though I'm the only one that uses them, and I've never paid a penny for a cert.

    Garg
  • Congrats on the new bell and whistle for Icrontic!

  • LincLinc Bard Detroit

    You can now browse as https://icrontic.com. I'll wait another day or two to force it so folks can let me know if there are any issues.

    Garg
  • TushonTushon I'm scared, Coach Alexandria, VA
    edited January 2016

    https://icrontic.com/bestof/everything > will report content errors due to loading http content from posts
    https://icrontic.com/profile/Tushon > shows errors from past image uploads. A number of other potential issues from migration or SSL for badge images.

    Also seeing this in console (spacing is shit)
    GET https://icrontic.com/profile.json&callback=? 404 (Not Found)send @ jquery.min.js?v=2.2.101.8:6x.extend.ajax @ jquery.min.js?v=2.2.101.8:6d @ track.min.js?v=1.0.3&v=2.2.101.8:1(anonymous function) @ track.min.js?v=1.0.3&v=2.2.101.8:1c @ jquery.min.js?v=2.2.101.8:4p.fireWith @ jquery.min.js?v=2.2.101.8:4x.extend.ready @ jquery.min.js?v=2.2.101.8:4q @ jquery.min.js?v=2.2.101.8:4

    Also, the links at the bottom of page and the content behind them likely needs some help.

  • LincLinc Bard Detroit
    edited January 2016

    Looks like we have a few things to address:

    • Avatar-change activities hard-code the protocol in the activity body.
    • Default badges address doesn't have SSL (they're remotely hosted because cloud).
    • User-generated content will have embedded media with hard-coded protocol.

    The first couple are straightforward things that can get fixed & mass-updated. The other is trickier.

  • LincLinc Bard Detroit

    Tracked down that rogue /profile.json call, looks like it was some old stats plugin I don't care about so I just turned it off. Fixed the avatars / badges / activity over SSL too.

  • LincLinc Bard Detroit

    I did a mass-update on embedded content that links to stuff folks uploaded to Icrontic. However, for stuff embedded from other sites, it's not really safe for me to do that because I have no idea if X site supports https or not. So for discussions with rando media embedded, there's just always gonna be an SSL alert and I don't think there's anything I can do about it.

  • Personally, I don't think the mixed protocol message is that big of a deal. It's not an ecommerce site. Anyone who is going to pay attention to the little exclamation point in their address bar is probably knowledgeable enough to realize user content may not be loaded over HTTPS.

    HeroLinc
Sign In or Register to comment.